CLI tool for deterministically building and verifying executable against on-chain programs or buffer accounts

Overview

Solana Verify CLI

A command line tool to build and verify solana programs. Users can ensure that the hash of the on-chain program matches the hash of the program of the given codebase.

Installation

In order for this CLI to work properly, you must have docker installed on your computer. Follow the steps here: https://docs.docker.com/engine/install/ to install Docker (based on your platform)

Once the installation is complete, make sure that the server has been started: (https://docs.docker.com/config/daemon/start/)

To install the Solana Verify cli, run the following in your shell:

bash <(curl -sSf https://raw.githubusercontent.com/Ellipsis-Labs/solana-verifiable-build/master/verifier-cli-install.sh)

Example Walkthrough

After installing the CLI, we can test the program verification against the following immutable mainnet program: 2ZrriTQSVekoj414Ynysd48jyn4AX6ZF4TTJRqHfbJfn

Check it out here: https://solana.fm/address/2ZrriTQSVekoj414Ynysd48jyn4AX6ZF4TTJRqHfbJfn?cluster=mainnet-qn1

Verification with Docker

Run the following command:

solana-verify verify-from-image -e examples/hello_world/target/deploy/hello_world.so -i ellipsislabs/hello_world_verifiable_build:latest -p 2ZrriTQSVekoj414Ynysd48jyn4AX6ZF4TTJRqHfbJfn

This command loads up the image stored at ellipsislabs/hello_world_verifiable_build:latest, and verifies that the hash of the executable path in the container is the same as the hash of the on-chain program supplied to the command. Because the build was already uploaded to an image, there is no need for a full rebuild of the executable which takes an extremely long time.

The Dockerfile that creates the image ellipsislabs/hello_world_verifiable_build:latest can be found in ./examples/hello_world under this repo.

Below is the expected output:

Verifying image: "ellipsislabs/hello_world_verifiable_build:latest", on network "https://api.mainnet-beta.solana.com" against program ID 2ZrriTQSVekoj414Ynysd48jyn4AX6ZF4TTJRqHfbJfn
Executable path in container: "examples/hello_world/target/deploy/hello_world.so"

Executable hash: 08d91368d349c2b56c712422f6d274a1e8f1946ff2ecd1dc3efc3ebace52a760
Program hash: 08d91368d349c2b56c712422f6d274a1e8f1946ff2ecd1dc3efc3ebace52a760
Executable matches on-chain program data ✅

Manual Verification

To get the hash of an on-chain program, we can run the following with a given program ID:

solana-verify get-program-hash 2ZrriTQSVekoj414Ynysd48jyn4AX6ZF4TTJRqHfbJfn

Which will return the following hash:

08d91368d349c2b56c712422f6d274a1e8f1946ff2ecd1dc3efc3ebace52a760

By default, this command will strip any trailing zeros away from the program executable and run the sha256 algorithm against it to compute the hash.

To manually verify this program, one could run the following from the root of this repository, which builds a program from source code and computes a hash. This command takes a long time because it is building the binary in a Docker container

solana-verify build $PWD/examples/hello_world

Now we can check the resulting hash from the build.

solana-verify get-executable-hash ./examples/hello_world/target/deploy/hello_world.so

This will return the hash of the stripped executable, which should match the hash of the program data retrieved from the blockchain.


08d91368d349c2b56c712422f6d274a1e8f1946ff2ecd1dc3efc3ebace52a760

You might also like...
An easily deployable service to monitor mission-critical SPL token accounts
An easily deployable service to monitor mission-critical SPL token accounts

Vault watcher Monitoring critical spl-token accounts in real time Table of contents Introduction Usage Configuration Configuration examples Grafana In

Allows deploying modules to Aptos under resource accounts.

Aptos Deployer Module containing helpers for deploying resource accounts. Resource accounts allow the module to sign as itself on-chain, which is usef

Anchor Design of contract - Accounts, Parameters

MarketplaceDesign Anchor Design of contract - Accounts, Parameters Main Instructions are Initialize ListForSale AcceptOffer CancelList MakeOffer Cance

Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.

The Nym Privacy Platform The platform is composed of multiple Rust crates. Top-level executable binary crates include: nym-mixnode - shuffles Sphinx p

Parser and test runner for testing compatable common Ethereum full node tests against Polygon Zero's EVM.

EVM Test Parses and runs compatible common Ethereum tests from ethereum/tests against Polygon Zero's EVM. Note: This repo is currently very early in d

A template for AVR executable (non-library) projects

Rust AVR executable template A template for Rust based AVR executables. NOTE: This software template repository is offered in the public domain. It is

Rust starter project for building CLI and libraries, with great CI
Rust starter project for building CLI and libraries, with great CI

Using the starter project: find where bumblefoot is and replace it with the name of your project. $ rg bumblefoot This is a dual library and binary pr

🔗 Tool for rebasing a chain of local git branches.

git-chain Tool for rebasing a chain of local git branches. Motivation Suppose you have branches, each depending on a parent branch (usually called "st

⬆ A program for deploying and upgrading programs.

DeployDAO Migrator WARNING: This code is a work in progress. Please do not use it as is. A program for deploying and upgrading programs. About The Mig

Comments
  • Update installer

    Update installer

    Fix install script to allow downloadable executable for MacOS.

    Add Github actions to automate building for multiple OSs.

    Next Steps:

    • test github action auto build
    • update install script to point to right versions
    opened by throwbackjams 0
  • add verify from repo url feature

    add verify from repo url feature

    Takes in:

    • URL to the github repo
    • path to the program (if not in the main repo)
    • ProgramID to compare against

    Outputs:

    • Build hash
    • On-chain program hash
    • Bool on whether they match
    opened by throwbackjams 0
Releases(v0.1.8)
  • v0.1.8(Jan 31, 2023)

  • v0.1.7(Jan 31, 2023)

  • v0.1.6(Jan 31, 2023)

    What's Changed

    • Jxiao/verify with canonical hash by @jarry-xiao in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/18

    Full Changelog: https://github.com/Ellipsis-Labs/solana-verifiable-build/compare/v0.1.5...v0.1.6

    Source code(tar.gz)
    Source code(zip)
  • v0.1.5(Jan 31, 2023)

    What's Changed

    • update install script to point at latest auto build by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/16
    • update to sha256 and print out hash after build by @jarry-xiao in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/17

    New Contributors

    • @jarry-xiao made their first contribution in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/17

    Full Changelog: https://github.com/Ellipsis-Labs/solana-verifiable-build/compare/v0.1.4...v0.1.5

    Source code(tar.gz)
    Source code(zip)
    verifier-cli-linux(13.77 MB)
    verifier-cli-macos(7.54 MB)
  • v0.1.4(Jan 30, 2023)

    What's Changed

    • fix version syntax bug by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/6
    • update upload artifact stage by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/7
    • update artifact upload yaml by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/8
    • use softprops for artifacts uploading in build.yml by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/9
    • fix file upload path by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/10
    • fix artifact path in build.yml by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/11
    • update artifact paths and names by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/12
    • update artifact name so mac and linux don't overwrite by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/13
    • add asset path as envars by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/14
    • fix envars syntax in build.yml by @throwbackjams in https://github.com/Ellipsis-Labs/solana-verifiable-build/pull/15

    Full Changelog: https://github.com/Ellipsis-Labs/solana-verifiable-build/compare/v0.1.3...v0.1.4

    Source code(tar.gz)
    Source code(zip)
    verifier-cli-linux(13.31 MB)
    verifier-cli-macos(7.13 MB)
  • v0.1.1(Jan 30, 2023)

Owner
Ellipsis Labs
Ellipsis Labs
Library and CLI tool for generating Radix Babylon Accounts.

Wallet Compatible Derivation This repo is a package containing two crates - a library named wallet_compatible_derivation and binary named wallet_compa

Radix DLT 3 Feb 28, 2024
Convenience crate for verifying crypto-signed messages

signature-verifier This crate provide an easy way to verify Solana and Ethereum wallet-signed messages. Installation Add the crate to your Cargo.toml

Tim Plotnikov 3 Apr 2, 2024
The Solana Program Library (SPL) is a collection of on-chain programs targeting the Sealevel parallel runtime.

Solana Program Library The Solana Program Library (SPL) is a collection of on-chain programs targeting the Sealevel parallel runtime. These programs a

null 6 Jun 12, 2022
Examples of Solana on-chain programs

spl-examples List of Solana on-chain programs which demonstrate different aspects of Solana architecture. 01__state It's a counter program. Each user

Max Block 51 Dec 6, 2022
Synchronized shadow state of Solana programs available for off-chain processing.

Solana Shadow The Solana Shadow crate adds shadows to solana on-chain accounts for off-chain processing. This create synchronises all accounts and the

null 40 Oct 30, 2022
A collection of Solana-maintained on-chain programs

Solana Program Library The Solana Program Library (SPL) is a collection of on-chain programs targeting the Sealevel parallel runtime. These programs a

Solana Foundation 2.2k Jan 6, 2023
Gum Program Library, a collection of on chain programs maintained by Gum

Gum, at its core, is a decentralized social media protocol on Solana. It unbundles traditional social media into Social Legos similar to how Defi unbu

Gum 4 Feb 22, 2023
`llm-chain` is a powerful rust crate for building chains in large language models allowing you to summarise text and complete complex tasks

llm-chain ?? llm-chain is a collection of Rust crates designed to help you work with Large Language Models (LLMs) more effectively. Our primary focus

Sobel IO 36 Apr 6, 2023
Built for Perpetual Protocol v2 Curie on Optimism chain. This CLI tool was built with Rust.

Perpetual Protocol CLI for Perp v2 Curie This tool is to provide a simple, fast and efficient way to interact Perpetual Protocol contracts from your t

Brendan Wenzel 4 Jan 11, 2023
hello-world geyser plugin to stream accounts and transactions from a solana node

src/lib.rs: entrypoint src/plugin.rs: main plugin code to run: cargo build && solana-test-validator -r --geyser-plugin-config config.json note: make s

null 4 Nov 18, 2022